ref: c7a0c41e289892e039f4da3b37568142964620c0
parent: 7f553b165c409eb9c64fd482315e41d95ce849f5
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Tue Mar 5 20:29:23 EST 2024
flac: deal with invalid tag sizes
--- a/flac.c
+++ b/flac.c
@@ -80,11 +80,11 @@
return -1;
tagsz = leuint(d);
sz -= 4;
- if(tagsz > sz)
+ if(tagsz < 0 || tagsz > sz)
return -1;
/* if it doesn't fit, ignore it */
- if(tagsz+1 > ctx->bufsz){
+ if(tagsz == 0 || tagsz >= ctx->bufsz){
if(ctx->seek(ctx, tagsz, 1) < 0)
return -1;
continue;